How can a user change their own password for an Azure SQL Server database with SQL Authentication?

Question

After running these commands against an Azure SQL Server (in SSMS or using a command line utility):

-- run in the master table to create the login   
    CREATE LOGIN SusanDBA with password= 'U$3r---Pa55W0rd!!'  

-- run against AnotherDB (not the master db)  
    CREATE USER  SusanDBA from LOGIN SusanDBA  

SusanDBA can login to open a connection to the AnotherDB but cannot execute the Alter Login command to change the password. This reportedly has to be done against the master database. But we don't want the user to connect to the master db for security reasons.

The command

 Alter Login SusanDBA  
     with PASSWORD = 'U$3r---Pa55W0rd!!---'  
     OLD_PASSWORD='U$3r---Pa55W0rd!!' 

Gets the response

Msg 5001, Level 16, State 3, Line 1 User must be in the master database.

An administrator with appropriate master privileges can change the password but that kind of defeats the purpose: the administrator now knows the user's password.

Constraints:
- We are not in a position to use AD in this case so its SQL Authentication.
- We would like to use a command prompt utility like SQLCMD.

Answer 1

Correct sintax on March 2021 ALTER LOGIN [login] WITH PASSWORD='XXX' OLD_PASSWORD='NNN';

Answer 2

ALTER USER userName WITH PASSWORD='newPassword' OLD_PASSWORD='oldPassword';

also reference:

https://docs.microsoft.com/en-us/sql/t-sql/statements/alter-user-transact-sql?view=sql-server-ver15

and

https://docs.microsoft.com/en-us/sql/t-sql/statements/alter-user-transact-sql?view=sql-server-ver15